CISSP as a first security Cert?
I'm thinking of going for my CISSP... I've got the MCSE+I and I'll be getting my CCNA in a few months. The question I have, since it's such an involved test, is whether it's practical to have that be your first security certification. I was thinking of going for the Security+, but my job is only going to send me to one class and I figure if I have to choose between the two I should go for the CISSP class and then go for the cert.
Comments
However, unless you have extensive experience with all the 10 CBKs then it's going to be a tough exam for you. Just taking a class will not prepare you enough for the exam. Additionally, you may want to check and ensure that you meet the ISC requirements to get your CISSP.
But don't let that deter you... it's possible.
If you can choose only 1 security cert, but want one that people can easily recognize, then maybe you should go for the CEH. But the CEH has a 2 years in the security field requirement.
If you don't meet the experience requirement then there is nothing wrong with getting the Security+ (I have it) and then focusing on the MCSA: Security or MCSE: Security cert.
Could you give me an example of something that I couldn't know without having experience that would be on the test? Like for my CCNA exam, if I'd never put my hand on a router or simulation program I couldn't have passed that test, but to my understanding the CISSP is pretty much straight information, stuff that can be learned from a book, albeit a whole lot of stuff.
I'm also wondering if it would even be worthwhile for someone like me to have. The site says it's for mid to upper level managers. I'm not even a lower level manager, in fact I'm at the bottom of the totem pole in my office as I'm the lowest graded network administrator in the group.
The reason I'm considering the certification is for career advancement and marketability should I ever decide to look for another job. Also to add more under my belt in my job and make it more interesting. I want to remain a techy type, though, and not end up being a report writer.
It's not true that you need extensive experience in ALL of the CBK Domains, but you do need to have extensive experience in some of them.
In what way do you need extensive experience? Does this test ask you questions that only a person who has run into such problems would know the answer to? Or are there some sort of simulation questions? Is it possible to pass this test on reading about the domains from multiple books? Is the associate test different?
thanks
"However unless you have extensive experience with all the 10 CBKs"
I.e. 'some' experience in all the domains won't likely be enough for the 3-4 years required experience, but extensive experience in some of the domains can. Extensive as in duration and in depth.
I think the CISSP is one of the best, perhaps 'the' best example of a certification you won't be able to pass from 'a' book alone, if you don't have the experience.
The test is a written test, i.e. you need to mark answers on a piece of paper. So since it's not computer-based it doesn't contain sims or other interactive type of questions.
I see no reason why it wouldn't be possible. Especially when you also include non-CISSP books (i.e. general books on cryptography, BCP, DR, etc.). There's not much else you can do, the CISSP is primarily theory and concepts (about practical topics as well).
No, the test is the same. ISC2 explicitly mentions on their website several times that there's an essential difference between the CISSP test and the CISSP cert. Anyone can sit for the exam, but those without the experience don't get the CISSP cert. Even though you have to select the Associate option when registering for the CISSP exam, the eventual exam 'is' a CISSP exam, simply because it 'can' lead to the CISSP cert once you do have the experience, for which you have 2.5 years (not sure if I read that online or someone from ISC2 UK told me) to get it after you passed the ISC2 associate. If you don't expect to gain the remaining experience within 2.5 years, you should consider the SSCP instead.
Good luck whatever you decide to do!
So far the book is pretty informative for someone like me who is studying sec+ and wondering about future security exams. Hopefully I can finish it before the holiday so I can read the Sybex book on sec+ to finish up my study for that exam. I'm sure the CISSP for Dummies won't hurt my sec+ studies.
Thanks for all the great info guys!
Keatron.